Reset the selinux security context before returning from spawn (regression from r2834...

svn path=/main/trunk/; revision=2947

diff --git a/pym/portage.py b/pym/portage.py
index 718c136c30e624d8e6452372d2b2669ea47b88f8..c67a23981722464a5b9d20d6a750d930bf95c08c 100644 (file)
--- a/pym/portage.py
+++ b/pym/portage.py
@@ -1639,21 +1639,23 @@ def spawn(mystring,mysettings,debug=0,free=0,droppriv=0,sesandbox=0,fd_pipes=Non
                free=((droppriv and "usersandbox" not in features) or \
                        (not droppriv and "sandbox" not in features and "usersandbox" not in features))
 
+       if free:
+               keywords["opt_name"] += " bash"
+       else:
+               keywords["opt_name"] += " sandbox"
+
        if sesandbox:
                con = selinux.getcontext()
                con = string.replace(con, mysettings["PORTAGE_T"], mysettings["PORTAGE_SANDBOX_T"])
                selinux.setexec(con)
 
-       if not free:
-               keywords["opt_name"] += " sandbox"
-               return portage_exec.spawn_sandbox(mystring,env=env,**keywords)
-       else:
-               keywords["opt_name"] += " bash"
-               return portage_exec.spawn_bash(mystring,env=env,**keywords)
-       
+       retval = portage_exec.spawn_bash(mystring, env=env, **keywords)
+
        if sesandbox:
                selinux.setexec(None)
 
+       return retval
+
 def fetch(myuris, mysettings, listonly=0, fetchonly=0, locks_in_subdir=".locks",use_locks=1, try_mirrors=1):
        "fetch files.  Will use digest file if available."